Related
When I tried connect to google.com from I got this Certificate Error:
Session #3: The server (152.199.19.161) presented a certificate that did not validate, because it was issued to a different host.
SANs: *.vo.msecnd.net, *.adn.azureedge.net, *.ads2.msads.net, *.aspnetcdn.com, *.azurecomcdn.net, *.azureedge.net, *.azureedge-test.net, *.cdn.skype.com, *.cdn.skype.net, *.cmsresources.windowsphone.com, *.cmsresources.windowsphone-int.com, *.dev.skype.com, *.fms.azureedge.net, *.microsoft-sbs-domains.com, *.secure.skypeassets.com, *.secure.skypeassets.net, *.wac.azureedge.net, *.wpc.azureedge.net, *.ec.azureedge.net, *.wpc.ec.azureedge.net, *.wac.ec.azureedge.net, *.adn.ec.azureedge.net, *.fms.ec.azureedge.net, ajax.microsoft.com, cdnads.msads.net, cdn-resources.windowsphone.com, cdn-resources-beta.windowsphone.com, ecnads1.msn.com, iecvlist.microsoft.com, images-cms-pn.windowsphone-int.com, images-cms-tst.windowsphone-int.com, lumiahelptipscdn.microsoft.com, lumiahelptipscdnqa.microsoft.com, lumiahelptipsmscdn.microsoft.com, lumiahelptipsmscdnqa.microsoft.com, montage.msn.com, mscrl.microsoft.com, r20swj13mr.microsoft.com, *.streaming.mediaservices.windows.net, *.origin.mediaservices.windows.net, download.sysinternals.com, amp.azure.net, rt.ms-studiosmedia.com, gtm.ms-studiosmedia.com, *.aisvc.visualstudio.com, *.cdn.powerbi.com, dist.asp.net, embed.powerbi.com, msitembed.powerbi.com, dxtembed.powerbi.com, *.cdn.powerappscdn.net, downloads.subscriptionsint.tfsallin.net, download.my.visualstudio.com, cdn.vsassets.io, cdnppe.vsassets.io, stream.microsoft.com, datafactory.azure.com, *.cortanaanalytics.com, do.skype.com, software-download.office.microsoft.com, software-download.microsoft.com, prss.centralvalidation.com, *.gallerycdn.vsassets.io, *.gallerycdnppe.vsassets.io, global.asazure.windows.net, download.learningdownloadcenter.microsoft.com, www.videobreakdown.com, www.breakdown.me, *.gallerycdntest.vsassets.io, agavecdn.o365weve-dev.com, agavecdn.o365weve-ppe.com, agavecdn.o365weve.com, download.visualstudio.com, *.Applicationinsights.net, *.Applicationinsights.io, *.Applicationinsights.microsoft.com, *.sfbassets.com, *.sfbassets.net, download.mono-project.com, *.streaming.media-test.windows-int.net, *.origin.mediaservices.windows-int.net, *.mp.microsoft.com, download.visualstudio.microsoft.com, software-download.coem.microsoft.com, cdn.wallet.microsoft-ppe.com, cdn.wallet.microsoft.com, vi.microsoft.com, *.nuget.org, *.nugettest.org, cdn.botframework.com, *.streaming.media.azure.net, *.streaming.media.azure-test.net, natick.research.microsoft.com, quotecenter.microsoft.com, quotecenter-ppe.microsoft.com, cdn.cloudappsecurity.com, *.yammer.com, *.videoindexer.ai, .api.videoindexer.ai SUBJECT: CN=.vo.msecnd.net
I don't know why because I added Trust Root Certificate.
I posted a previous question last week here.
On the machine I was using, I was able to get this up and running correctly. Now, doing the setup on another machine, I've gotten past everything, however, when connecting to the RabbitMq broker using a .NET client application, it fails on the pkcs12 file, saying it's badly formatted.
I've regenerated this file a few times now, making sure I was using the client and server .pem files, respectively, still to no avail.
In the troubleshooting link here all tests pass completely.
Environment:
Erlang 19.1
RabbitMq 3.6.6
Windows Server 2012 R2
My RabbitMq config file:
[
{rabbit, [
{ssl_listeners, [5671]},
{ssl_options, [{cacertfile,"C:\\rabbitcerts\\testca\\cacert.pem"},
{certfile,"C:\\rabbitcerts\\server\\cert.pem"},
{keyfile,"C:\\rabbitcerts\\server\\key.pem"},
{depth, 2},
{verify,verify_peer},
{fail_if_no_peer_cert,false}]}
]}
].
Running this command:
openssl s_client -connect mitvs-atm01:5671 -tls1 -cert client/cert.pem -key client/key.pem -CAfile testca/cacert.pem
Results in success:
CONNECTED(00000130)
depth=1 CN = MyTestCA
verify return:1
depth=0 CN = mitvs-atm01, O = server
verify return:1
---
Certificate chain
0 s:/CN=mitvs-atm01/O=server
i:/CN=MyTestCA
1 s:/CN=MyTestCA
i:/CN=MyTestCA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIC5DCCAcygAwIBAgIBATANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhNeVRl
c3RDQTAeFw0xNzAxMjUwMjIxMTZaFw0xODAxMjUwMjIxMTZaMCcxFDASBgNVBAMM
C21pdHZzLWF0bTAxMQ8wDQYDVQQKDAZzZXJ2ZXIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7bqHNpdY1OUstv1EU361/tvsCZigsBy9+xAAkzmEVbUrl
ISOdyvA+oC5oKx2e7otENEAZ6I7D6AqhUsWltqCD5cE8pFipE1VDYchPMSLYH+xT
dYbuGBrEbMw4FYsgpL9WGHFQKkeoNDyJR9McUSmtBi5uQcxmIt+RFs2O6qxwS8pG
32VFwZEncxD4SfPF05pGBaAtV0IHGcw+mRlqHBEwK2qFr1b2FQacCGyv+JFea6ok
TFjKYByZrQCT3l3mlbmZjt+qFNMg4BhA4TWx8zhO5XzG3tiV86G+x8RJUllisKkK
A+dcaMpZ7wr3sz8WrP++UtE1rjDzX6Va3kP6O2YdAgMBAAGjLzAtMAkGA1UdEwQC
MAAwCwYDVR0PBAQDAgUgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEB
CwUAA4IBAQBlfQcXWrd+7f9DVx2BIyVcGHouWDFirwSU5IvvgIYyZFbivgosW9Wd
E7fueBUTkZihWG2KxXesVPIlaNy3851KV+r0/zZ+Frp7VX4FEcP900t+Bgy/w3fZ
9YHiZhGHQriA8YmQOkg/YweHU1GsT8APk3JbuqtyI+RRn5iltbDNGF2ch6me/w9E
0Jv0UJvQVuPqSr0mONCyM6JeDLAkaOHTkNEy++uEar/DWQB6D2hJGj7DxavcA/bL
GPbP0LDU3Vv6pn7i7WNHeye2E2Vq2WEAaacYjiluBpCEnvlCFZXX96jbmnzScJZ2
ZlIo27YDOfze6nuNQ1aqGT1wccIoVnhZ
-----END CERTIFICATE-----
subject=/CN=mitvs-atm01/O=server
issuer=/CN=MyTestCA
---
Acceptable client certificate CA names
/CN=MyTestCA
Client Certificate Types: RSA sign
---
SSL handshake has read 1672 bytes and written 2269 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID: BD57EFDA3213AA48076CDB95E4EB60A79224B604F3C491CD0BB3D15700A3AC50
Session-ID-ctx:
Master-Key: 08F6E2B22EC7EB1FCBAB99A730F6301732FA56CB83F4E9DB4546DC27591E271A
67C115510EBECFBFDA1BCFE47DF49627
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1485370174
Timeout : 7200 (sec)
Verify return code: 0 (ok)
After successful connection, I created the keycert.p12 files in each the client and server directories based on the appropriate .pem files.
My client code:
_busControl = Bus.Factory.CreateUsingRabbitMq(x =>
{
var host = x.Host(new Uri(_rabbitHost), h =>
{
h.Username(UserName);
h.Password(Password);
h.UseSsl(s =>
{
s.ServerName = SslHostName;
s.CertificatePath = #"client\keycert.p12";
s.CertificatePassphrase = SslPassphrase;
s.Protocol = SslProtocols.Tls;
});
});
x.ReceiveEndpoint(host, _imageExamEndpoint,
e => { e.Consumer<UploadImageExamRequestConsumer>(); });
x.ReceiveEndpoint(host, _worklistEndpoint,
e => { e.Consumer<WorklistRequestConsumer>(); });
});
This works fine on the other machine, but on the new machine that we setup, we get the following error:
RabbitMQ.Client.Exceptions.BrokerUnreachableException: None of the specified endpoints were reachable ---> System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The message received was unexpected or badly formatted
--- End of inner exception stack trace ---
at RabbitMQ.Client.EndpointResolverExtensions.SelectOne[T](IEndpointResolver resolver, Func`2 selector)
at RabbitMQ.Client.ConnectionFactory.CreateConnection(IEndpointResolver endpointResolver, String clientProvidedName)
--- End of inner exception stack trace ---
at RabbitMQ.Client.ConnectionFactory.CreateConnection(IEndpointResolver endpointResolver, String clientProvidedName)
at RabbitMQ.Client.ConnectionFactory.CreateConnection(IList`1 hostnames, String clientProvidedName)
at MassTransit.RabbitMqTransport.Integration.RabbitMqConnectionCache.SendUsingNewConnection(IPipe`1 connectionPipe, ConnectionScope scope, CancellationToken cancellationToken)
Connect failed: admin#mitvs-atm01:5671/
Looking between my working version and my non-working version, the only thing that was different was my version of Erlang.
I upgraded my Windows Server 2012 R2 from Erlang 19.1 to Erlang 19.2 and it successfully started and listened securely.
I have installed Elastisearch 2.1.0 and kibana 4.3.0 in single machine.
Kibana.yml Configurations :
# Kibana is served by a back end server. This controls which port to use.
server.port: 5601
# The host to bind the server to.
server.host: "IP"
# A value to use as a XSRF token. This token is sent back to the server on each request
# and required if you want to execute requests from other clients (like curl).
# server.xsrf.token: ""
# If you are running kibana behind a proxy, and want to mount it at a path,
# specify that path here. The basePath can't end in a slash.
# server.basePath: ""
# The Elasticsearch instance to use for all your queries.
elasticsearch.url: "http://IP:9200/"
# preserve_elasticsearch_host true will send the hostname specified in `elasticsearch`. If you set it to false,
# then the host you use to connect to *this* Kibana instance will be sent.
elasticsearch.preserveHost: true
# Kibana uses an index in Elasticsearch to store saved searches, visualizations
# and dashboards. It will create a new index if it doesn't already exist.
kibana.index: ".kibana"
# The default application to load.
kibana.defaultAppId: "discover"
# If your Elasticsearch is protected with basic auth, these are the user credentials
# used by the Kibana server to perform maintenance on the kibana_index at startup. Your Kibana
# users will still need to authenticate with Elasticsearch (which is proxied through
# the Kibana server)
# elasticsearch.username: "user"
# elasticsearch.password: "pass"
# SSL for outgoing requests from the Kibana Server to the browser (PEM formatted)
# server.ssl.cert: /path/to/your/server.crt
# server.ssl.key: /path/to/your/server.key
# Optional setting to validate that your Elasticsearch backend uses the same key files (PEM formatted)
# elasticsearch.ssl.cert: /path/to/your/client.crt
# elasticsearch.ssl.key: /path/to/your/client.key
# If you need to provide a CA certificate for your Elasticsearch instance, put
# the path of the pem file here.
# elasticsearch.ssl.ca: /path/to/your/CA.pem
# Set to false to have a complete disregard for the validity of the SSL
# certificate.
elasticsearch.ssl.verify: true
# Time in milliseconds to wait for elasticsearch to respond to pings, defaults to
# request_timeout setting
# elasticsearch.pingTimeout: 1500
# Time in milliseconds to wait for responses from the back end or elasticsearch.
# This must be > 0
# elasticsearch.requestTimeout: 300000
# Time in milliseconds for Elasticsearch to wait for responses from shards.
# Set to 0 to disable.
# elasticsearch.shardTimeout: 0
# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying
# elasticsearch.startupTimeout: 5000
# Set the path to where you would like the process id file to be created.
pid.file: /var/run/kibana.pid
# If you would like to send the log output to a file you can set the path below.
logging.dest: /var/log/kibana/kibana.log
# Set this to true to suppress all logging output.
# logging.silent: false
# Set this to true to suppress all logging output except for error messages.
# logging.quiet: true
# Set this to true to log all events, including system usage information and all requests.
# logging.verbose: true
While I am doing curl -IP:5601 , I am getting this output:
**HTTP/1.1 200 OK
x-app-name: kibana
x-app-version: 4.3.0
cache-control: no-cache
content-type: text/html
content-length: 217
accept-ranges: bytes
Date: Wed, 20 Jan 2016 15:28:35 GMT
Connection: keep-alive
<script>var hashRoute = '/app/kibana';
var defaultRoute = '/app/kibana';
var hash = window.location.hash;
if (hash.length) {
window.location = hashRoute + hash;
} else {
window.location = defaultRoute;
</script>
Elasticsearch and kibana both are up and running still I am not able to access Kibana GUI from the browser. It is not displaying the page.
I checked the configurations of elasticsearch.yml too.The host and IP is correct there. Curl command is giving this output for elasticsearch [Command :curl http://IP:9200/]
{
"name" : "node-1",
"cluster_name" : "elasticsearch",
"version" : {
"number" : "2.1.0",
"build_hash" : "72cd1f1a3eee09505e036106146dc1949dc5dc87",
"build_timestamp" : "2015-11-18T22:40:03Z",
"build_snapshot" : false,
"lucene_version" : "5.3.1"
},
"tagline" : "You Know, for Search"
}
Could anybody tell what could be the issue.
Did you install elasticsearch and kibana on your local machine, I mean your laptop or computer that you are workng on? Or is it running on a separate server?
If you are running it on the same machine that you are accessing the browser, then you could just access it as localhost:port
As your error includes the status
Elasticsearch is still initializing the kibana index, I would recommend you to try the steps mentioned in this page:-
Elasticsearch is still initializing the kibana index
i'm new to Openstack and trying to build my own Openstack-environment.
After following the "OpenStack Installation Guide for Red Hat Enterprise Linux 7, CentOS 7, and Fedora 20" (on Fedora 21), I faced a problem at uploading cirrOS to the Image-Service.
My Openstack-version, refering to this command: "[root#localhost ~]# keystone-manage --version" should be
2014.2.2
After I try to upload the image I get this output:
ADMIN-OPENRC.SH:
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=MYPASS
export OS_AUTH_URL=http://controller:35357/v2.0
[root#localhost ~]# source admin-openrc.sh [root#localhost ~]# glance
--debug image-create --name "cirros-0.3.3-x86_64" --file /tmp/images/cirros-0.3.3-x86_64-disk.img --disk-format qcow2
--container-format bare --is-public True --progress curl -i -X POST -H 'Accept-Encoding: gzip, deflate' -H 'x-image-meta-container_format:
bare' -H 'Accept: /' -H 'X-Auth-Token:
{SHA1}726116102202fa50ff0c064ca3cadb86b65fe997' -H 'x-image-meta-size:
13200896' -H 'Connection: keep-alive' -H 'x-image-meta-is_public:
True' -H 'User-Agent: python-glanceclient' -H 'Content-Type:
application/octet-stream' -H 'x-image-meta-disk_format: qcow2' -H
'x-image-meta-name: cirros-0.3.3-x86_64'
http://controller:9292/v1/images [=============================>]
100% Request returned failure status 401. Invalid OpenStack Identity
credentials.
I have to mention that i can get a token from keystone without problems:
[root#localhost ~]# keystone token-get
+-----------+----------------------------------+ | Property |
Value |
+-----------+----------------------------------+ | expires |
2015-07-03T10:26:38Z | | id |
96299e7c355d43a9b8e5b7f47a4d4cdd | | tenant_id |
425de1784b644473b6f1cffe874992c5 | | user_id |
0a85326e1c744d449327894b6a276b5d |
+-----------+----------------------------------+
Here are my config files:
GLANCE-API.CONF & GLANCE-REGISTRY.CONF
connection=mysql://glance:MYPASS#controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = glance
admin_password = MYPASS
KEYSTONE.CONF
connection=mysql://keystone:MYPASS#controller/keystone </b>
Here is my api.log:
/var/log/glance/api.log
2015-07-03 11:15:00.763 3447 WARNING keystonemiddleware.auth_token [-] Retrying on HTTP connection exception: Unable to establish connection to http://controller:35357/
2015-07-03 11:15:01.266 3447 WARNING keystonemiddleware.auth_token [-] Retrying on HTTP connection exception: Unable to establish connection to http://controller:35357/
2015-07-03 11:15:02.269 3447 WARNING keystonemiddleware.auth_token [-] Retrying on HTTP connection exception: Unable to establish connection to http://controller:35357/
2015-07-03 11:15:04.273 3447 ERROR keystonemiddleware.auth_token [-] HTTP connection exception: Unable to establish connection to http://controller:35357/
2015-07-03 11:15:04.274 3447 WARNING keystonemiddleware.auth_token [-] Authorization failed for token
2015-07-03 11:15:04.274 3447 INFO keystonemiddleware.auth_token [-] Invalid user token - deferring reject downstream
2015-07-03 11:15:04.327 3447 INFO glance.wsgi.server [-] 192.168.13.92 - - [03/Jul/2015 11:15:04] "POST /v1/images HTTP/1.1" 401 571 3.579172
2015-07-03 11:30:29.083 3446 WARNING keystonemiddleware.auth_token [-] Retrying on HTTP connection exception: Unable to establish connection to http://controller:35357/
2015-07-03 11:30:29.587 3446 WARNING keystonemiddleware.auth_token [-] Retrying on HTTP connection exception: Unable to establish connection to http://controller:35357/
2015-07-03 11:30:30.591 3446 WARNING keystonemiddleware.auth_token [-] Retrying on HTTP connection exception: Unable to establish connection to http://controller:35357/
2015-07-03 11:30:32.595 3446 ERROR keystonemiddleware.auth_token [-] HTTP connection exception: Unable to establish connection to http://controller:35357/
2015-07-03 11:30:32.595 3446 WARNING keystonemiddleware.auth_token [-] Authorization failed for token
2015-07-03 11:30:32.595 3446 INFO keystonemiddleware.auth_token [-] Invalid user token - deferring reject downstream
2015-07-03 11:30:32.649 3446 INFO glance.wsgi.server [-] 192.168.13.92 - - [03/Jul/2015 11:30:32] "POST /v1/images HTTP/1.1" 401 571 3.581761
Thanks for your effort
Kevin
--------------------------EDIT-----------------------------
Full Glance-Registry.conf:
[DEFAULT]
# Show more verbose log output (sets INFO log level output)
verbose=True
# Show debugging output in logs (sets DEBUG log level output)
#debug=False
# Address to bind the registry server
#bind_host=0.0.0.0
# Port the bind the registry server to
#bind_port=9191
# Log to this file. Make sure you do not set the same log file for both the API
# and registry servers!
#
# If `log_file` is omitted and `use_syslog` is false, then log messages are
# sent to stdout as a fallback.
#log_file=/var/log/glance/registry.log
# Backlog requests when creating socket
#backlog=4096
# TCP_KEEPIDLE value in seconds when creating socket.
# Not supported on OS X.
#tcp_keepidle=600
# API to use for accessing data. Default value points to sqlalchemy
# package.
#data_api=glance.db.sqlalchemy.api
# The number of child process workers that will be
# created to service Registry requests. The default will be
# equal to the number of CPUs available. (integer value)
#workers=None
# Enable Registry API versions individually or simultaneously
#enable_v1_registry=True
#enable_v2_registry=True
# Limit the api to return `param_limit_max` items in a call to a container. If
# a larger `limit` query param is provided, it will be reduced to this value.
#api_limit_max=1000
# If a `limit` query param is not provided in an api request, it will
# default to `limit_param_default`
#limit_param_default=25
# Role used to identify an authenticated user as administrator
#admin_role=admin
# Whether to automatically create the database tables.
# Default: False
#db_auto_create=False
# Enable DEBUG log messages from sqlalchemy which prints every database
# query and response.
# Default: False
#sqlalchemy_debug=True
# ================= Syslog Options ============================
# Send logs to syslog (/dev/log) instead of to file specified
# by `log_file`
#use_syslog=False
# Facility to use. If unset defaults to LOG_USER.
#syslog_log_facility=LOG_LOCAL1
# ================= SSL Options ===============================
# Certificate file to use when starting registry server securely
#cert_file=/path/to/certfile
# Private key file to use when starting registry server securely
#key_file=/path/to/keyfile
# CA certificate file to use to verify connecting clients
#ca_file=/path/to/cafile
# ============ Notification System Options =====================
# Driver or drivers to handle sending notifications. Set to
# 'messaging' to send notifications to a message queue.
notification_driver = noop
# Default publisher_id for outgoing notifications.
# default_publisher_id = image.localhost
# Messaging driver used for 'messaging' notifications driver
# rpc_backend = 'rabbit'
# Configuration options if sending notifications via rabbitmq (these are
# the defaults)
#rabbit_host=localhost
#rabbit_port=5672
#rabbit_use_ssl=false
#rabbit_userid=guest
#rabbit_password=guest
#rabbit_virtual_host=/
#rabbit_notification_exchange=glance
#rabbit_notification_topic=notifications
#rabbit_durable_queues=False
# Configuration options if sending notifications via Qpid (these are
# the defaults)
#qpid_notification_exchange=glance
#qpid_notification_topic=notifications
#qpid_hostname=localhost
#qpid_port=5672
#qpid_username=
#qpid_password=
#qpid_sasl_mechanisms=
#qpid_reconnect_timeout=0
#qpid_reconnect_limit=0
#qpid_reconnect_interval_min=0
#qpid_reconnect_interval_max=0
#qpid_reconnect_interval=0
#qpid_heartbeat=5
# Set to 'ssl' to enable SSL
#qpid_protocol=tcp
#qpid_tcp_nodelay=True
# ================= Database Options ==========================
[database]
# The file name to use with SQLite (string value)
#sqlite_db=glance.sqlite
# If True, SQLite uses synchronous mode (boolean value)
#sqlite_synchronous=True
# The backend to use for db (string value)
# Deprecated group/name - [DEFAULT]/db_backend
#backend=sqlalchemy
# The SQLAlchemy connection string used to connect to the
# database (string value)
# Deprecated group/name - [DEFAULT]/sql_connection
# Deprecated group/name - [DATABASE]/sql_connection
# Deprecated group/name - [sql]/connection
connection = mysql://glance:MYPASS#controller/glance
# The SQL mode to be used for MySQL sessions. This option,
# including the default, overrides any server-set SQL mode. To
# use whatever SQL mode is set by the server configuration,
# set this to no value. Example: mysql_sql_mode= (string
# value)
#mysql_sql_mode=TRADITIONAL
# Timeout before idle sql connections are reaped (integer
# value)
# Deprecated group/name - [DEFAULT]/sql_idle_timeout
# Deprecated group/name - [DATABASE]/sql_idle_timeout
# Deprecated group/name - [sql]/idle_timeout
#idle_timeout=3600
# Minimum number of SQL connections to keep open in a pool
# (integer value)
# Deprecated group/name - [DEFAULT]/sql_min_pool_size
# Deprecated group/name - [DATABASE]/sql_min_pool_size
#min_pool_size=1
# Maximum number of SQL connections to keep open in a pool
# (integer value)
# Deprecated group/name - [DEFAULT]/sql_max_pool_size
# Deprecated group/name - [DATABASE]/sql_max_pool_size
#max_pool_size=<None>
# Maximum db connection retries during startup. (setting -1
# implies an infinite retry count) (integer value)
# Deprecated group/name - [DEFAULT]/sql_max_retries
# Deprecated group/name - [DATABASE]/sql_max_retries
#max_retries=10
# Interval between retries of opening a sql connection
# (integer value)
# Deprecated group/name - [DEFAULT]/sql_retry_interval
# Deprecated group/name - [DATABASE]/reconnect_interval
#retry_interval=10
# If set, use this value for max_overflow with sqlalchemy
# (integer value)
# Deprecated group/name - [DEFAULT]/sql_max_overflow
# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
#max_overflow=<None>
# Verbosity of SQL debugging information. 0=None,
# 100=Everything (integer value)
# Deprecated group/name - [DEFAULT]/sql_connection_debug
#connection_debug=0
# Add python stack traces to SQL as comment strings (boolean
# value)
# Deprecated group/name - [DEFAULT]/sql_connection_trace
#connection_trace=False
# If set, use this value for pool_timeout with sqlalchemy
# (integer value)
# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
#pool_timeout=<None>
# Enable the experimental use of database reconnect on
# connection lost (boolean value)
#use_db_reconnect=False
# seconds between db connection retries (integer value)
#db_retry_interval=1
# Whether to increase interval between db connection retries,
# up to db_max_retry_interval (boolean value)
#db_inc_retry_interval=True
# max seconds between db connection retries, if
# db_inc_retry_interval is enabled (integer value)
#db_max_retry_interval=10
# maximum db connection retries before error is raised.
# (setting -1 implies an infinite retry count) (integer value)
#db_max_retries=20
[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = glance
admin_password = MYPASS
[paste_deploy]
# Name of the paste configuration file that defines the available pipelines
#config_file=/usr/share/glance/glance-registry-dist-paste.ini
# Partial name of a pipeline in your paste configuration file with the
# service name removed. For example, if your paste section name is
# [pipeline:glance-registry-keystone], you would configure the flavor below
# as 'keystone'.
flavor=keystone
[profiler]
# If False fully disable profiling feature.
#enabled=False
# If False doesn't trace SQL requests.
#trace_sqlalchemy=False
Glance-Api.conf:
[paste_deploy]
# Name of the paste configuration file that defines the available pipelines
#config_file=/usr/share/glance/glance-api-dist-paste.ini
# Partial name of a pipeline in your paste configuration file with the
# service name removed. For example, if your paste section name is
# [pipeline:glance-api-keystone], you would configure the flavor below
# as 'keystone'.
flavor=keystone
Kevin,
All your configs look fine. Here is what I would suggest you to do
1) Run glance image-list and see if you get anything
2) Did you assign the admin role correctly to glance user "keystone user-role-add --user glance --tenant service --role admin"?
3) Did you run source admin-openrc.sh before running glance create?
HTH
Regards
Ashish
we have upgraded from 4.0 to 4.5.4 SonarQube. When a new ldap user is trying to login or an administrator tries to show Global Permissions in the settings menu a JDBCError occurs.
Here the error, that occurs, when I want to show global permissions:
2015.04.23 17:35:49 INFO http-bio-0.0.0.0-9100-exec-5 web[sql] 1ms Executed SQL: SELECT role FROM "group_roles" WHERE (resource_id is null and (group_id is null or group_id in(2,1,
3)))
2015.04.23 17:35:49 INFO http-bio-0.0.0.0-9100-exec-5 web[sql] 0ms Executed SQL: SELECT * FROM "user_roles" WHERE ("user_roles".user_id = 2)
2015.04.23 17:35:49 INFO http-bio-0.0.0.0-9100-exec-5 web[sql] 1ms Executed SQL: SELECT "user_roles"."id" AS t0_r0, "user_roles"."user_id" AS t0_r1, "user_roles"."resource_id" AS t
0_r2, "user_roles"."role" AS t0_r3, "users"."id" AS t1_r0, "users"."name" AS t1_r1, "users"."password" AS t1_r2, "users"."email" AS t1_r3, "users"."created" AS t1_r4, "users"."fullna
me" AS t1_r5, "users"."creationdate" AS t1_r6, "users"."disabled" AS t1_r7, "users"."lastactivation" AS t1_r8, "users"."link" AS t1_r9, "users"."accountreactivation" AS t1_r10, "user
s"."category" AS t1_r11, "users"."email" AS t1_r12, "users"."firstname" AS t1_r13, "users"."lastname" AS t1_r14, "users"."login" AS t1_r15, "users"."password" AS t1_r16, "users"."pho
neno" AS t1_r17, "users"."warehouseholderno" AS t1_r18, "users"."login" AS t1_r19, "users"."name" AS t1_r20, "users"."email" AS t1_r21, "users"."crypted_password" AS t1_r22, "users".
"salt" AS t1_r23, "users"."created_at" AS t1_r24, "users"."updated_at" AS t1_r25, "users"."remember_token" AS t1_r26, "users"."remember_token_expires_at" AS t1_r27, "users"."active"
AS t1_r28 FROM "user_roles" LEFT OUTER JOIN "users" ON "users".id = "user_roles".user_id WHERE ("user_roles"."role" = 'profileadmin' AND "user_roles"."resource_id" IS NULL AND "users
"."active" = 't')
2015.04.23 17:35:49 INFO http-bio-0.0.0.0-9100-exec-5 web[sql] 1ms Executed SQL: select 1
2015.04.23 17:35:49 ERROR http-bio-0.0.0.0-9100-exec-5 web[o.s.s.ui.JRubyFacade] Fail to render: http://build:9100/roles/global
ActiveRecord::JDBCError: ERROR: column users.password does not exist
Position: 184: SELECT "user_roles"."id" AS t0_r0, "user_roles"."user_id" AS t0_r1, "user_roles"."resource_id" AS t0_r2, "user_roles"."role" AS t0_r3, "users"."id" AS t1_r0, "users"
."name" AS t1_r1, "users"."password" AS t1_r2, "users"."email" AS t1_r3, "users"."created" AS t1_r4, "users"."fullname" AS t1_r5, "users"."creationdate" AS t1_r6, "users"."disabled"
AS t1_r7, "users"."lastactivation" AS t1_r8, "users"."link" AS t1_r9, "users"."accountreactivation" AS t1_r10, "users"."category" AS t1_r11, "users"."email" AS t1_r12, "users"."first
name" AS t1_r13, "users"."lastname" AS t1_r14, "users"."login" AS t1_r15, "users"."password" AS t1_r16, "users"."phoneno" AS t1_r17, "users"."warehouseholderno" AS t1_r18, "users"."l
ogin" AS t1_r19, "users"."name" AS t1_r20, "users"."email" AS t1_r21, "users"."crypted_password" AS t1_r22, "users"."salt" AS t1_r23, "users"."created_at" AS t1_r24, "users"."updated
_at" AS t1_r25, "users"."remember_token" AS t1_r26, "users"."remember_token_expires_at" AS t1_r27, "users"."active" AS t1_r28 FROM "user_roles" LEFT OUTER JOIN "users" ON "users".id
= "user_roles".user_id WHERE ("user_roles"."role" = 'profileadmin' AND "user_roles"."resource_id" IS NULL AND "users"."active" = 't')
On line #37 of app/views/roles/global.html.erb
34: <%= message("global_permissions.#{permission_key}.desc") -%>
35: 36: 37: <span id="users-<%= permission_key.parameterize -%>"><%= users(permission_key).map(&:name).join(', ') -%>
38: (<%= link_to_edit_roles_permission_form(message('select'), permission_key, nil, "select-users-#{permission_key}") -%>)<br/>
39: 40:
gems/gems/activerecord-2.3.15/lib/active_record/connection_adapters/abstract_adapter.rb:227:in `log'
gems/gems/activerecord-2.3.15/lib/active_record/connection_adapters/abstract_adapter.rb:212:in `log'
gems/gems/activerecord-jdbc-adapter-1.1.3/lib/arjdbc/jdbc/adapter.rb:183:in `execute'
gems/gems/activerecord-jdbc-adapter-1.1.3/lib/arjdbc/jdbc/adapter.rb:275:in `select'
gems/gems/activerecord-jdbc-adapter-1.1.3/lib/arjdbc/jdbc/adapter.rb:202:in `jdbc_select_all'
gems/gems/activerecord-2.3.15/lib/active_record/connection_adapters/abstract/query_cache.rb:60:in `select_all_with_query_cache'
gems/gems/activerecord-2.3.15/lib/active_record/connection_adapters/abstract/query_cache.rb:81:in `cache_sql'
gems/gems/activerecord-2.3.15/lib/active_record/connection_adapters/abstract/query_cache.rb:60:in `select_all_with_query_cache'
gems/gems/activerecord-2.3.15/lib/active_record/associations.rb:1624:in `select_all_rows'
gems/gems/activerecord-2.3.15/lib/active_record/associations.rb:1401:in `find_with_associations'
org/jruby/RubyKernel.java:1268:in `catch'
gems/gems/activerecord-2.3.15/lib/active_record/associations.rb:1399:in `find_with_associations'
gems/gems/activerecord-2.3.15/lib/active_record/base.rb:1580:in `find_every'
gems/gems/activerecord-2.3.15/lib/active_record/base.rb:619:in `find'
gems/gems/activerecord-2.3.15/lib/active_record/base.rb:639:in `all'
app/helpers/roles_helper.rb:24:in `users'
app/views/roles/global.html.erb:37
org/jruby/RubyArray.java:1613:in `each'
app/views/roles/global.html.erb:27
org/jruby/RubyKernel.java:2227:in `send'
gems/gems/actionpack-2.3.15/lib/action_view/renderable.rb:34:in `render'
gems/gems/actionpack-2.3.15/lib/action_view/base.rb:306:in `with_template'
gems/gems/actionpack-2.3.15/lib/action_view/renderable.rb:30:in `render'
and here the error that occurs while login:
2015.04.24 10:35:28 INFO http-bio-0.0.0.0-9100-exec-22 web[sql] 3ms Executed SQL: SELECT * FROM "users" WHERE ("users"."login" = 'a428774') LIMIT 1
2015.04.24 10:35:28 INFO http-bio-0.0.0.0-9100-exec-22 web[sql] 6ms Executed SQL: SELECT * FROM "groups" WHERE ("groups"."name" = 'sonar-users') LIMIT 1
2015.04.24 10:35:28 INFO http-bio-0.0.0.0-9100-exec-22 web[sql] 53ms Executed SQL: SELECT attr.attname, seq.relname FROM pg_class seq, pg_attribute attr, pg_depend dep, pg_namespa
ce name, pg_constraint cons WHERE seq.oid = dep.objid AND seq.relkind = 'S' AND attr.attrelid = dep.refobjid AND attr.attnum = dep.refobjsubid AND attr.attrelid = cons.conrelid AND a
ttr.attnum = cons.conkey[1] AND cons.contype = 'p' AND dep.refobjid = '"users"'::regclass
2015.04.24 10:35:28 INFO http-bio-0.0.0.0-9100-exec-22 web[sql] 2ms Executed SQL: INSERT INTO "users" ("name", "password", "email", "created", "fullname", "creationdate", "disabled
", "lastactivation", "link", "accountreactivation", "category", "firstname", "lastname", "login", "phoneno", "warehouseholderno", "crypted_password", "salt", "created_at", "updated_a
t", "remember_token", "remember_token_expires_at", "active") VALUES('MUSTERMANN, Marc', NULL, 'marc.mustermann#company.com', NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 'a4
28774', NULL, NULL, 'e285ed59429a05e40b250577fee291addedd09a1', '708e1dc34acb880756709e8db0d66999672478dc', '2015-04-24 10:35:28.400000', '2015-04-24 10:35:28.400000', NULL, NULL, 't
') RETURNING "id"
2015.04.24 10:35:28 ERROR http-bio-0.0.0.0-9100-exec-22 web[o.s.s.ui.JRubyFacade] Fail to render: http://build:9100/sessions/login
ActiveRecord::JDBCError: ERROR: column "password" of relation "users" does not exist
Position: 30: INSERT INTO "users" ("name", "password", "email", "created", "fullname", "creationdate", "disabled", "lastactivation", "link", "accountreactivation", "category", "fir
stname", "lastname", "login", "phoneno", "warehouseholderno", "crypted_password", "salt", "created_at", "updated_at", "remember_token", "remember_token_expires_at", "active") VALUES(
'MUSTERMANN, Marc', NULL, 'marc.mustermann#company.com', NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 'a428774', NULL, NULL, 'e285ed59429a05e40b250577fee291addedd09a1', '708
e1dc34acb880756709e8db0d66999672478dc', '2015-04-24 10:35:28.400000', '2015-04-24 10:35:28.400000', NULL, NULL, 't') RETURNING "id"
/global/apps/java.build.sonartest/sonarqube-4.5.4/web/WEB-INF/gems/gems/activerecord-2.3.15/lib/active_record/connection_adapters/abstract_adapter.rb:227:in `log'
/global/apps/java.build.sonartest/sonarqube-4.5.4/web/WEB-INF/gems/gems/activerecord-2.3.15/lib/active_record/connection_adapters/abstract_adapter.rb:212:in `log'
/global/apps/java.build.sonartest/sonarqube-4.5.4/web/WEB-INF/gems/gems/activerecord-jdbc-adapter-1.1.3/lib/arjdbc/jdbc/adapter.rb:183:in `execute'
/global/apps/java.build.sonartest/sonarqube-4.5.4/web/WEB-INF/gems/gems/activerecord-jdbc-adapter-1.1.3/lib/arjdbc/jdbc/adapter.rb:275:in `select'
/global/apps/java.build.sonartest/sonarqube-4.5.4/web/WEB-INF/gems/gems/activerecord-jdbc-adapter-1.1.3/lib/arjdbc/jdbc/adapter.rb:212:in `select_one'
/global/apps/java.build.sonartest/sonarqube-4.5.4/web/WEB-INF/gems/gems/activerecord-2.3.15/lib/active_record/connection_adapters/abstract/database_statements.rb:19:in `selec
t_value'
/global/apps/java.build.sonartest/sonarqube-4.5.4/web/WEB-INF/gems/gems/activerecord-jdbc-adapter-1.1.3/lib/arjdbc/postgresql/adapter.rb:266:in `pg_insert'
/global/apps/java.build.sonartest/sonarqube-4.5.4/web/WEB-INF/gems/gems/activerecord-2.3.15/lib/active_record/connection_adapters/abstract/query_cache.rb:26:in `insert_with_q
uery_dirty'
/global/apps/java.build.sonartest/sonarqube-4.5.4/web/WEB-INF/gems/gems/activerecord-2.3.15/lib/active_record/base.rb:2967:in `create'
/global/apps/java.build.sonartest/sonarqube-4.5.4/web/WEB-INF/gems/gems/activerecord-2.3.15/lib/active_record/timestamp.rb:53:in `create_with_timestamps'
/global/apps/java.build.sonartest/sonarqube-4.5.4/web/WEB-INF/gems/gems/activerecord-2.3.15/lib/active_record/callbacks.rb:266:in `create_with_callbacks'
/global/apps/java.build.sonartest/sonarqube-4.5.4/web/WEB-INF/gems/gems/activerecord-2.3.15/lib/active_record/base.rb:2933:in `create_or_update'
/global/apps/java.build.sonartest/sonarqube-4.5.4/web/WEB-INF/gems/gems/activerecord-2.3.15/lib/active_record/callbacks.rb:250:in `create_or_update_with_callbacks'
/global/apps/java.build.sonartest/sonarqube-4.5.4/web/WEB-INF/gems/gems/activerecord-2.3.15/lib/active_record/base.rb:2583:in `save'
/global/apps/java.build.sonartest/sonarqube-4.5.4/web/WEB-INF/gems/gems/activerecord-2.3.15/lib/active_record/validations.rb:1089:in `save_with_validation'
/global/apps/java.build.sonartest/sonarqube-4.5.4/web/WEB-INF/gems/gems/activerecord-2.3.15/lib/active_record/dirty.rb:79:in `save_with_dirty'
org/jruby/RubyKernel.java:2227:in `send'
/global/apps/java.build.sonartest/sonarqube-4.5.4/web/WEB-INF/gems/gems/activerecord-2.3.15/lib/active_record/transactions.rb:229:in `with_transaction_returning_status'
/global/apps/java.build.sonartest/sonarqube-4.5.4/web/WEB-INF/gems/gems/activerecord-2.3.15/lib/active_record/connection_adapters/abstract/database_statements.rb:136:in `tran
saction'
/global/apps/java.build.sonartest/sonarqube-4.5.4/web/WEB-INF/gems/gems/activerecord-2.3.15/lib/active_record/transactions.rb:182:in `transaction'
/global/apps/java.build.sonartest/sonarqube-4.5.4/web/WEB-INF/gems/gems/activerecord-2.3.15/lib/active_record/transactions.rb:228:in `with_transaction_returning_status'
/global/apps/java.build.sonartest/sonarqube-4.5.4/web/WEB-INF/gems/gems/activerecord-2.3.15/lib/active_record/transactions.rb:196:in `save_with_transactions'
/global/apps/java.build.sonartest/sonarqube-4.5.4/web/WEB-INF/gems/gems/activerecord-2.3.15/lib/active_record/transactions.rb:208:in `rollback_active_record_state!'
/global/apps/java.build.sonartest/sonarqube-4.5.4/web/WEB-INF/gems/gems/activerecord-2.3.15/lib/active_record/transactions.rb:196:in `save_with_transactions'
/global/apps/java.build.sonartest/sonarqube-4.5.4/web/WEB-INF/lib/need_authentication.rb:157:in `synchronize'
/global/apps/java.build.sonartest/sonarqube-4.5.4/web/WEB-INF/gems/gems/activerecord-2.3.15/lib/active_record/connection_adapters/abstract/database_statements.rb:136:in `tran
saction'
/global/apps/java.build.sonartest/sonarqube-4.5.4/web/WEB-INF/gems/gems/activerecord-2.3.15/lib/active_record/transactions.rb:182:in `transaction'
/global/apps/java.build.sonartest/sonarqube-4.5.4/web/WEB-INF/lib/need_authentication.rb:122:in `synchronize'
/global/apps/java.build.sonartest/sonarqube-4.5.4/web/WEB-INF/lib/need_authentication.rb:79:in `external_auth'
/global/apps/java.build.sonartest/sonarqube-4.5.4/web/WEB-INF/lib/need_authentication.rb:101:in `auth'
/global/apps/java.build.sonartest/sonarqube-4.5.4/web/WEB-INF/lib/need_authentication.rb:56:in `authenticate?'
/global/apps/java.build.sonartest/sonarqube-4.5.4/web/WEB-INF/lib/need_authentication.rb:236:in `authenticate'
/global/apps/java.build.sonartest/sonarqube-4.5.4/web/WEB-INF/app/controllers/sessions_controller.rb:30:in `login'
org/jruby/RubyKernel.java:2223:in `send'
/global/apps/java.build.sonartest/sonarqube-4.5.4/web/WEB-INF/gems/gems/actionpack-2.3.15/lib/action_controller/base.rb:1333:in `perform_action'
/global/apps/java.build.sonartest/sonarqube-4.5.4/web/WEB-INF/gems/gems/actionpack-2.3.15/lib/action_controller/filters.rb:617:in `call_filters'
/global/apps/java.build.sonartest/sonarqube-4.5.4/web/WEB-INF/gems/gems/actionpack-2.3.15/lib/action_controller/filters.rb:610:in `perform_action_with_filters'
Here the plugins we use:
-rw-r--r-- 1 tsonar jtest 105 23. Apr 09:30 README.txt
-rw-r--r-- 1 tsonar jtest 2404852 23. Apr 09:31 sonar-checkstyle-plugin-2.3.jar
-rw-r--r-- 1 tsonar jtest 10325 23. Apr 09:30 sonar-cobertura-plugin-1.6.3.jar
-rw-r--r-- 1 tsonar jtest 6228395 23. Apr 09:31 sonar-findbugs-plugin-3.1.jar
-rw-r--r-- 1 tsonar jtest 2507184 23. Apr 09:31 sonar-java-plugin-3.1.jar
-rw-r--r-- 1 tsonar jtest 30646 23. Apr 09:31 sonar-ldap-plugin-1.4.jar
-rw-r--r-- 1 tsonar jtest 3154834 23. Apr 12:33 sonar-pdfreport-plugin-1.4.jar
-rw-r--r-- 1 tsonar jtest 3568440 23. Apr 09:31 sonar-pmd-plugin-2.3.jar
-rw-r--r-- 1 tsonar jtest 15342 23. Apr 09:31 sonar-useless-code-tracker-plugin-1.0.jar
-rw-r--r-- 1 tsonar jtest 340834 23. Apr 09:31 sonar-web-plugin-2.3.jar
-rw-r--r-- 1 tsonar jtest 13488 23. Apr 09:30 sonar-widget-lab-plugin-1.6.jar
For more information please look at the sonar.properties.
thanks in advance
Regards
Gaby
sonar.properties
# This file must contain only ISO 8859-1 characters.
# See http://docs.oracle.com/javase/1.5.0/docs/api/java/util/Properties.html#load(java.io.InputStream)
#
# Property values can:
# - reference an environment variable, for example sonar.jdbc.url= ${env:SONAR_JDBC_URL}
# - be encrypted. See http://redirect.sonarsource.com/doc/settings-encryption.html
#--------------------------------------------------------------------------------------------------
# DATABASE
#
# IMPORTANT: the embedded H2 database is used by default. It is recommended for tests but not for
# production use. Supported databases are MySQL, Oracle, PostgreSQL and Microsoft SQLServer.
# User credentials.
# Permissions to create tables, indices and triggers must be granted to JDBC user.
# The schema must be created first.
sonar.jdbc.username=sonar
sonar.jdbc.password=sonartest
#----- Embedded Database (default)
# It does not accept connections from remote hosts, so the
# server and the analyzers must be executed on the same host.
#sonar.jdbc.url=jdbc:h2:tcp://localhost:9092/sonar
# H2 embedded database server listening port, defaults to 9092
#sonar.embeddedDatabase.port=9092
#----- MySQL 5.x
#sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance
#----- Oracle 10g/11g
# - Only thin client is supported
# - Only versions 11.2.* of Oracle JDBC driver are supported, even if connecting to lower Oracle versions.
# - The JDBC driver must be copied into the directory extensions/jdbc-driver/oracle/
# - If you need to set the schema, please refer to http://jira.codehaus.org/browse/SONAR-5000
#sonar.jdbc.url=jdbc:oracle:thin:#localhost/XE
#----- PostgreSQL 8.x/9.x
# If you don't use the schema named "public", please refer to http://jira.codehaus.org/browse/SONAR-5000
sonar.jdbc.url=jdbc:postgresql://sonartest:5432/test
#----- Microsoft SQLServer 2005/2008
# Only the distributed jTDS driver is supported.
#sonar.jdbc.url=jdbc:jtds:sqlserver://localhost/sonar;SelectMethod=Cursor
#----- Connection pool settings
sonar.jdbc.maxActive=20
sonar.jdbc.maxIdle=5
sonar.jdbc.minIdle=2
sonar.jdbc.maxWait=5000
sonar.jdbc.minEvictableIdleTimeMillis=600000
sonar.jdbc.timeBetweenEvictionRunsMillis=30000
#--------------------------------------------------------------------------------------------------
# WEB SERVER
# Web server is executed in a dedicated Java process. By default its heap size is 768Mb.
# Use the following property to customize JVM options. Enabling the HotSpot Server VM
# mode (-server) is recommended.
# Note that the option -Dfile.encoding=UTF-8 is mandatory.
#sonar.web.javaOpts=-Xmx768m -XX:MaxPermSize=160m -XX:+HeapDumpOnOutOfMemoryError
# Same as previous property, but allows to not repeat all other settings
# like -Djava.awt.headless=true
#sonar.web.javaAdditionalOpts=
# Binding IP address. For servers with more than one IP address, this property specifies which
# address will be used for listening on the specified ports.
# By default, ports will be used on all IP addresses associated with the server.
#sonar.web.host=0.0.0.0
# Web context. When set, it must start with forward slash (for example /sonarqube).
# The default value is root context (empty value).
#sonar.web.context=
# TCP port for incoming HTTP connections. Disabled when value is -1.
sonar.web.port=9100
# TCP port for incoming HTTPS connections. Disabled when value is -1 (default).
#sonar.web.https.port=-1
#
# Recommendation for HTTPS
# SonarQube natively supports HTTPS. However using a reverse proxy
# infrastructure is the recommended way to set up your SonarQube installation
# on production environments which need to be highly secured.
# This allows to fully master all the security parameters that you want.
# HTTPS - the alias used to for the server certificate in the keystore.
# If not specified the first key read in the keystore is used.
#sonar.web.https.keyAlias=
# HTTPS - the password used to access the server certificate from the
# specified keystore file. The default value is "changeit".
#sonar.web.https.keyPass=changeit
# HTTPS - the pathname of the keystore file where is stored the server certificate.
# By default, the pathname is the file ".keystore" in the user home.
# If keystoreType doesn't need a file use empty value.
#sonar.web.https.keystoreFile=
# HTTPS - the password used to access the specified keystore file. The default
# value is the value of sonar.web.https.keyPass.
#sonar.web.https.keystorePass=
# HTTPS - the type of keystore file to be used for the server certificate.
# The default value is JKS (Java KeyStore).
#sonar.web.https.keystoreType=JKS
# HTTPS - the name of the keystore provider to be used for the server certificate.
# If not specified, the list of registered providers is traversed in preference order
# and the first provider that supports the keystore type is used (see sonar.web.https.keystoreType).
#sonar.web.https.keystoreProvider=
# HTTPS - the pathname of the truststore file which contains trusted certificate authorities.
# By default, this would be the cacerts file in your JRE.
# If truststoreFile doesn't need a file use empty value.
#sonar.web.https.truststoreFile=
# HTTPS - the password used to access the specified truststore file.
#sonar.web.https.truststorePass=
# HTTPS - the type of truststore file to be used.
# The default value is JKS (Java KeyStore).
#sonar.web.https.truststoreType=JKS
# HTTPS - the name of the truststore provider to be used for the server certificate.
# If not specified, the list of registered providers is traversed in preference order
# and the first provider that supports the truststore type is used (see sonar.web.https.truststoreType).
#sonar.web.https.truststoreProvider=
# HTTPS - whether to enable client certificate authentication.
# The default is false (client certificates disabled).
# Other possible values are 'want' (certificates will be requested, but not required),
# and 'true' (certificates are required).
#sonar.web.https.clientAuth=false
# HTTPS - comma separated list of encryption ciphers to support for HTTPS connections.
# If specified, only the ciphers that are listed and supported by the SSL implementation will be used.
# By default, the default ciphers for the JVM will be used. Note that this usually means that the weak
# export grade ciphers, for instance RC4, will be included in the list of available ciphers.
# The ciphers are specified using the JSSE cipher naming convention (see
# https://www.openssl.org/docs/apps/ciphers.html)
# Example: sonar.web.https.ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
#sonar.web.https.ciphers=
# The maximum number of connections that the server will accept and process at any given time.
# When this number has been reached, the server will not accept any more connections until
# the number of connections falls below this value. The operating system may still accept connections
# based on the sonar.web.connections.acceptCount property. The default value is 50 for each
# enabled connector.
#sonar.web.http.maxThreads=50
#sonar.web.https.maxThreads=50
# The minimum number of threads always kept running. The default value is 5 for each
# enabled connector.
#sonar.web.http.minThreads=5
#sonar.web.https.minThreads=5
# The maximum queue length for incoming connection requests when all possible request processing
# threads are in use. Any requests received when the queue is full will be refused.
# The default value is 25 for each enabled connector.
#sonar.web.http.acceptCount=25
#sonar.web.https.acceptCount=25
# Access logs are generated in the file logs/access.log. This file is rolled over when it's 5Mb.
# An archive of 3 files is kept in the same directory.
# Access logs are enabled by default.
#sonar.web.accessLogs.enable=true
# TCP port for incoming AJP connections. Disabled if value is -1. Disabled by default.
#sonar.ajp.port=-1
#--------------------------------------------------------------------------------------------------
# SEARCH INDEX
# Elasticsearch is used to facilitate fast and accurate information retrieval.
# It is executed in a dedicated Java process.
# JVM options. Note that enabling the HotSpot Server VM mode (-server) is recommended.
#sonar.search.javaOpts=-Xmx256m -Xms256m -Xss256k -Djava.net.preferIPv4Stack=true \
# -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 \
# -XX:+UseCMSInitiatingOccupancyOnly -XX:+HeapDumpOnOutOfMemoryError
# Same as previous property, but allows to not repeat all other settings
# like -Djava.awt.headless=true
#sonar.search.javaAdditionalOpts=
# Elasticsearch port. Default is 9001. Use 0 to get a free port.
# This port must be private and must not be exposed to the Internet.
sonar.search.port=9102
#--------------------------------------------------------------------------------------------------
# UPDATE CENTER
# Update Center requires an internet connection to request http://update.sonarsource.org
# It is enabled by default.
sonar.updatecenter.activate=true
# HTTP proxy (default none)
http.proxyHost=proxy
http.proxyPort=4711
# NT domain name if NTLM proxy is used
#http.auth.ntlm.domain=
# SOCKS proxy (default none)
#socksProxyHost=
#socksProxyPort=
# proxy authentication. The 2 following properties are used for HTTP and SOCKS proxies.
http.proxyUser=proxyuser
http.proxyPassword=proxypwd
#--------------------------------------------------------------------------------------------------
# LOGGING
# Level of information displayed in the logs: NONE (default), BASIC (functional information)
# and FULL (functional and technical details)
#sonar.log.profilingLevel=NONE
# Path to log files. Can be absolute or relative to installation directory.
# Default is <installation home>/logs
#sonar.path.logs=logs
#--------------------------------------------------------------------------------------------------
# OTHERS
# Delay in seconds between processing of notification queue. Default is 60 seconds.
#sonar.notifications.delay=60
# Paths to persistent data files (embedded database and search index) and temporary files.
# Can be absolute or relative to installation directory.
# Defaults are respectively <installation home>/data and <installation home>/temp
#sonar.path.data=data
#sonar.path.temp=temp
#--------------------------------------------------------------------------------------------------
# DEVELOPMENT - only for developers
# The following properties MUST NOT be used in production environments.
# Dev mode allows to reload web sources on changes and to restart server when new versions
# of plugins are deployed.
#sonar.web.dev=false
# Path to webapp sources for hot-reloading of Ruby on Rails, JS and CSS (only core,
# plugins not supported).
#sonar.web.dev.sources=/path/to/server/sonar-web/src/main/webapp
# Uncomment to enable the Elasticsearch HTTP connector, so that ES can be directly requested through
# http://lmenezes.com/elasticsearch-kopf/?location=http://localhost:9010
#sonar.search.httpPort=9010
#-------------------
# Sonar LDAP Plugin
#-------------------
# LDAP configuration
# General Configuration
sonar.security.realm=LDAP
sonar.security.savePassword=true
sonar.authenticator.createUsers=true
sonar.security.updateUserAttributes=true
sonar.security.localUsers=admin,analysers
ldap.url=ldap://ldap.company.com
# (optional) Bind DN is the username of an LDAP user to connect (or bind) with.
ldap.bindDn: cn=ldap,ou=oudaten,DC=company,DC=com
# (optional) Bind Password is the password of the user to connect with.
ldap.bindPassword: pwdldap
# User Configuration
ldap.user.baseDn=CN=Users, DC=company,DC=com
ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail
# Group Configuration
#ldap.group.baseDn=ou=Groups,dc=sonarsource,dc=com
#ldap.group.request=(&(objectClass=posixGroup)(memberUid={uid}))
# -------------------------------------------------------------------------
# Properties aelterer Versionen des LDAP-Plugins
# -------------------------------------------------------------------------
# Login Attribute is the attribute in LDAP holding the userâ??s login.
# Default is â??uidâ??. Set â??sAMAccountNameâ?? for Microsoft Active Directory
#ldap.user.loginAttribute: sAMAccountName
# Object class of LDAP users.
# Default is 'inetOrgPerson'. Set â??userâ?? for Microsoft Active Directory.
#ldap.user.objectClass: user
sonar.log.profilingLevel=FULL
I have found the cause. The database schema must be the only schema in the database. Otherwise this error occurs.